Alerts This Week
Warning Icon 1 684
Alerts This Week
Warning Icon 1 684

Gentoo: GLSA-201701-45 Normal: irssi Multiple Issues and Risks

gentoo
Calendar Grey January 19, 2017
Dist Gentoo Esm H88
Critical alert for Gentoo users regarding vulnerabilities in irssi, exposing systems to remote code execution and Denial of Service attacks. Immediate updates are necessary!
Multiple vulnerabilities have been found in irssi, the worst of which could allow remote attackers to execute arbitrary code.

Summary

Multiple vulnerabilities have been discovered in irssi. Please review the CVE identifiers referenced below for details.

Topics%20covered

Topics Covered

security advisory gentoo remote execution arbitrary code Denial of Service irssi normal severity

Resolution

All irssi users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=net-irc/irssi-0.8.21"

References

[ 1 ] CVE-2017-5193 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5193 [ 2 ] CVE-2017-5194 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5194 [ 3 ] CVE-2017-5195 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5195 [ 4 ] CVE-2017-5196 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5196

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201701-45
style>.gentoo_availability{display:block;}

Concerns

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

Severity: Normal
Title: irssi: Multiple vulnerabilities
Date: January 19, 2017
Bugs: #604772
ID: 201701-45

Topics%20covered

Topics Covered

security advisory gentoo remote execution arbitrary code Denial of Service irssi normal severity

Synopsis

Multiple vulnerabilities have been found in irssi, the worst of which could allow remote attackers to execute arbitrary code.

Background

irssi is a modular textUI IRC client with IPv6 support.

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Affected Packages

------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 net-irc/irssi < 0.8.21 >= 0.8.21

Impact

===== A remote attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Related News

Your message here